Installation

AWS

Bare Metal

Azure

OpenStack

VMware

Advanced Install

Cluster Administration

Upgrade/Software Updates

User Management

Troubleshooting

User Guides

Tectonic Services

Tectonic Services are the applications that are installed into your cluster. These include:

Name

Description

Tectonic Console

Included

Web management console for Kubernetes and the services themselves

Tectonic Support

Included

Service for the Tectonic Support team to help understand what is happening in your cluster

Tectonic Identity

coming soon

Centralized user management for services on your cluster

Optional Additional Services

Name

Description

Quay Enterprise

coming soon

The award winning Docker Registry, based on Quay.io

Installing with kubectl

All Tectonic Services run on Kubernetes and are installed with kubectl. We'll use it to install all of the included services, then configure your Tectonic license, and finally configure the Tectonic Console so your users can access it.

Install Services

The Tectonic Services are run within a separate namespace, tectonic-system, in order to group them together and keep them out of your way. You're encouraged to use namespaces for your company's teams, projects or deployment environments.

Install your Tectonic License

Next, we need to install your license in order to complete the installation of the Tectonic Services. You can find your license in your Tectonic account.

The license is stored within the cluster as a Secret, which is a secure way to expose sensitive data to applications in Kubernetes. Your Tectonic License should be pre-formatted as a Secret and should look similar to:

Once the pods reach Running status, everything should be configured properly.

Exposing Tectonic Console to your Browser

By default the Tectonic Services are not exposed outside the cluster. For example, we observed the pod running the Tectonic Console, but we don't have a convienient way to access it. To do this, we can create a Kubernetes Service that exposes the service. This step requires careful consideration as it is exposing the service directly to the open network.

There are two main ways of configuring a Service to expose it outside of the cluster.

Using a NodePort

A feature of a Kubernetes service is a NodePort, which is a mechanism to expose the service on a specific port on every machine in the cluster.

You would then browse to the specific port on any machine to load the Console. Additionally, using a NodePort will allow any machine in the cluster to function as a backend for a load balancer.

This service definition (template) will expose the Tectonic Console on port 32000 using NodePort:

Now, create the service. You'll see a warning about exposing the service to the network:

$ kubectl --namespace=tectonic-system create -f https://tectonic.com/docs/latest/deployer/files/tectonic-console-public.yml
You have exposed your service on an external port on all nodes in your
cluster. If you want to expose this service to the external internet, you may
need to set up firewall rules for the service port(s)(tcp:32000) to serve traffic.
See http://releases.k8s.io/HEAD/docs/user-guide/services-firewalls.md for more details.
services/tectonic-console-public

Now you should be able to navigate to http://<host>:32000 where "host" is any worker node in the cluster.

Using a LoadBalancer

If you are using a Kubernetes deployment on Google or AWS and have configured your cloud credentials as a Secret, using the service type "LoadBalancer" will create a new cloud load balancer and expose the service through it. Example (template):